The UK’s data chief has called for a new code of practice on the use of digital information in political campaigning in a new report published on Tuesday (6 November) in the wake of data scandals connected to the Brexit referendum.

“A self-regulatory approach will not guarantee consistency, rigour or shore up public confidence,” said Information Commissioner Elizabeth Denham, launching a 111 page report into the ‘use of data analytics for political purposes’ by her office.

“That is why I am calling for views for a code of practice covering the use of data in campaigns and elections.”

The 18 month investigation was prompted by allegations of widespread misuse of personal data obtained from social media platforms during the Brexit referendum in June 2016.

The ICO said that it had based its investigation on over 700 terabytes of data, equivalent to 52.2 billion pages taken from machines and cloud servers.

Appearing before MPs on the Digital, Culture, Media and Sport (DCMS) select committee on Tuesday, Denham said that Facebook and other firms involved in the Cambridge Analytica data mining scandal had showed a “disturbing level of disrespect” for voters’ personal data.

In October, the ICO slapped Facebook with the maximum £500,000 fine allowable under the previous data protection regulation for “lack of transparency and security issues relating to the harvesting of data”. Were the same offences to be committed now, the social media giant could face a far stiffer fine of up to 4% of its turnover under the General Data Protection Regulation.

Senior EU officials extolled the successes of the bloc’s data protection regulations on Thursday (25 October), as Facebook was fined £500,000 for its part in the Cambridge Analytica scandal.

Both Denham and her office’s report indicated that the UK was at a cross-roads in terms of the use of data in political campaigning but warned that tighter regulation of tech firms was “quite controversial and the need to balance freedom of expression with the harms of the internet is hard,” she told MPs.

Although the ICO investigation looked at both the Remain and Leave campaigns, it is the Leave campaigns who have come under closest scrutiny and face a series of fines and criminal investigations.

The revelations about Cambridge Analytica, which harvested Facebook data for use by campaign groups affiliated to the Leave campaign, forced the company to declare bankruptcy earlier this year, but the firm is subject to a criminal prosecution based on the ICO’s findings, and its case will go to trial in January 2019.

Leave.EU and Eldon Insurance, a company owned by Arron Banks, the controversial funder of the Leave.EU campaign, who is now subject to criminal investigations, have been fined a total of £135,000 for breaching data privacy laws.

For its part, in a report published on 17 July, the UK’s Electoral Commission stated that Vote Leave and two other campaign groups were guilty of a series of breaches of election law.

The Vote Leave campaign has been fined and reported to the police by the UK’s elections regulator for deliberately falsifying its campaign expenses for the Brexit referendum.

The ICO has issued formal warnings to all of the UK’s major political parties, and added that it would start conducting audits of the parties in January 2019.

“Without a high level of transparency and trust amongst citizens that their data is being used appropriately, we are at risk of developing a system of voter surveillance by default,” the report said.

But it did not conclude that data harvesting techniques had been a decisive factor in the Brexit vote, stating that “it is impossible for us to say whether the data techniques used by either side in the UK EU referendum campaign impacted on the result.”